Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure ACR support #1180

Closed
pixelari opened this issue Apr 6, 2020 · 2 comments
Closed

Azure ACR support #1180

pixelari opened this issue Apr 6, 2020 · 2 comments

Comments

@pixelari
Copy link

pixelari commented Apr 6, 2020

Any plans to support Azure ACR? Last closed issue was without any reply.

Having this doesn't work

    volumeMounts:
      - name: kaniko-secret
        mountPath: /kaniko/.docker/
...
  - name: kaniko-secret
    secret:
      secretName: registry-credentials
      items:
        - key: .dockerconfigjson
          path: config.json
@tmaier
Copy link

tmaier commented Apr 6, 2020

How does the config.json look like?

For example, this is how one generates the config.json for GitLab CI:

echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json

Btw. "the last issue" (please reference it), "doesn't work" what is the error message you get?

@pixelari
Copy link
Author

pixelari commented Apr 7, 2020

Well, it seems that Azure ACR auth doesn't work with kubernetes docker-registry type secret.. Had to do manualy json and convert it to base64.

Here is an example of working Kaniko pod, which utilizes source code in Bitbucket using ssh authentication and push image to Azure ACR. I hope it will save some time for someone.. :)

---
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  initContainers:
  - name: git-clone
    image: alpine
    command: ["sh", "-c"]
    args: 
    - |
      apk add --no-cache git openssh &&
      ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts &&
      git clone git@bitbucket.org:organization/something.git /workspace
    volumeMounts:
    - name: docker-volume
      mountPath: /workspace
    - name: ssh-key-volume
      mountPath: /root/.ssh/id_rsa
      subPath: id_rsa
    - name: ssh-hosts
      mountPath: /root/.ssh
  containers:
  - name: kaniko
    image: gcr.io/kaniko-project/executor:latest
    args:
      - "--context=dir:///workspace"
      - "--destination=someacr.azurecr.io/something:1.0.0"
    volumeMounts:
      - name: kaniko-secret
        mountPath: /kaniko/.docker/
      - name: docker-volume
        mountPath: /workspace
  restartPolicy: Never
  volumes:
  - name: kaniko-secret
    secret:
      secretName: regcred
      items:
        - key: config.json
          path: config.json
  - name: ssh-key-volume
    secret:
      secretName: my-ssh-key
      defaultMode: 0400
  - name: docker-volume
    emptyDir: {}
  - name: ssh-hosts
    emptyDir: {}

and this is my config.json

"{\"auths\": {\"someacr.azurecr.io\": {\"username\": \"sp_cred_client_id\",\"password\": \"sp_creds_secret_id\"}}}"

Convert it to base64 and create secre

echo -n "{\"auths\": {\"someacr.azurecr.io\": {\"username\": \"sp_cred_client_id\",\"password\": \"sp_creds_secret_id\"}}}" | base64

cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Secret
metadata:
  name: regcred
data:
  config.json: eyJhdXRocyI6IHsic29tZWFjci5henVyZWNyLmlvIjogeyJ1c2VybmFtZSI6ICJzcF9jcmVkX2NsaWVudF9pZCIsInBhc3N3b3JkIjogInNwX2NyZWRzX3NlY3JldF9pZCJ9fX0=
EOF

@pixelari pixelari closed this as completed Apr 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tmaier @pixelari